IIS 7.0 Admin Pack: Request Filtering


My last post talked about the Technical Preview release of the IIS 7.0 Admin Pack, and how it includes 7 new features that will help you manage your IIS 7.0.

Today I was going to start writing about more details about each feature and Bill Staples just posted something (How to (un)block directories with IIS7 web.config) that almost seems that it was planned for me to introduce one of the features in the Admin Pack, namely Request Filtering UI.

IIS 7.0 includes a feature called Request Filtering that provides additional capabilities to secure your web server, for example it will let you filter requests that are double escaped, or filter requests that are using certain HTTP Verbs, or even block requests to specific “folders”, etc. I will not go into the details on this functionality, if you want to learn more about it you can see the Request Filtering articles over http://learn.iis.net

In his blog Bill mentions how you can easily configure Request Filtering using any text editor, such as notepad, and edit the web.config manually. That was required since we did not ship UI within IIS Manager for it due to time constraints and other things. But now as part of the Admin Pack we are releasing UI for managing the Request Filtering settings.

Following what Bill just showed in his blog, this is the way you would do it using the new UI instead.

1) Install IIS Admin Pack (Technical Preview)

2) Launch IIS Manager

3) Drill down using the Tree View to the site or application you want to change the settings for.

4)  Enter into the new feature called Request Filtering inside the IIS category

5) Select the Hidden Segments and choose “Add Hidden Segment” from the Task List on the right

6) Add the item

As you would expect the outcome is exactly as Bill explained in his blog, just an entry within you web.config, something like:

    <system.webServer>
       
<security>
           
<requestFiltering>
               
<hiddenSegments>
                   
<add segment=”log” />
                </
hiddenSegments>
           
</requestFiltering>
       
</security>
   
</system.webServer>

So as you can see the Request Filtering UI will help you discover some of the nice security settings that IIS 7.0 has. The following images show some of the additional settings you can configure, such as Verbs, Headers, URL Sequences, URL Length, Quey String size, etc.

Comments (12)

  1. One of the core priorities we focused on when building IIS 7 was to enable a rich .NET extensibility

  2. One of the core priorities we focused on when building IIS 7 was to enable a rich .NET extensibility

  3. One of the core priorities we focused on when building IIS 7 was to enable a rich .NET extensibility

  4. 【原文地址】 New Log Reporting, Database Management, and other cool admin modules for IIS 7 【原文发表日期】Wednesday

  5. 【原文地址】 New Log Reporting, Database Management, and other cool admin modules for IIS 7 | IIS 7 新的日志报表,数据库管理,和其他很酷的管理模块

  6. Uma das prioridades principais em que nos concentramos na construção do IIS7 foi a de fornecer um modelo

  7. Uma das prioridades principais em que nos concentramos na construção do IIS7 foi a de fornecer um modelo

  8. Statistiche di Log, Database e altre novit

  9. AlexShirshov says:

    Hi!

    I’ve found a bug. You should read date from the log file in culture independent manner. It seems now you just use Date.Parse(dt).

  10. Da Blog says:

    Found this post over on ScottGu&#39;s blog today, highlights some of the new featuresof IIS7. Man, I

  11. Jednym z priorytetów na którym skupiliśmy się przy budowie IIS7 było udostępnienie bogatego modelu rozszerzalności

  12. Le Request Filtering sous IIS 7.0 suscite de nombreuses questions. Ceci est principalement dû au fait